“I Spy with My Little Eye…” – The Issue of the Kenyan Government Spying On Citizens

There’s a very high chance that you have read, heard or seen the plans that the Kenyan government, through the Communications Authority, has to spy on its citizens. If not, well, now you know that there’s such a plan. According to Daily Nation, the government wants to be allowed to listen to calls, read text messages and review mobile money transactions. Why? “To track counterfeit devices”.

Ok, I thought that you only needed access to a device’s IMEI (International Mobile Equipment Identity) and access to the Equipment Identity Register? Apparently not, according to the government. You need to listen in on calls, read texts and see who is sending who money.

The Communications Authority of Kenya, has ordered mobile phone service providers to allow it to tap their computers, through a company contracted by the agency. The Daily Nation says that the authority has already sent out letters to service providers setting up dates for the plugging of the snooping device, with some dates as soon as Tuesday next week.

The Problem

The contracted agency, Broadband Communications Networks Ltd, will get a direct access to call data before transmitting it to the Communications Authority. And since the company does not legally bear the responsibility to protect customer confidentiality, this leaves the customers exposed to intrusion of privacy.

Good news (at least for now) is that the mobile service providers are plotting a joint resistance, to protect customer data. But the problem is, Kenya has no data protection law. The Data Protection Bill, from 2013, has not yet been passed by Parliament. This means that anyone who gains access to people’s personal information can abuse it,as might be the case since private communication data being held by the regulator would probably be unsafe from outside parties (read hackers).

this move by the government raises more questions than there are answers to it

What Kenyans Think

A survey released by Ipsos shows that 75% of Kenyans agree that law enforcement agencies should have the right to get access to the content of their citizens’ online communications for valid national security reasons. Usually, governments can listen to private conversations and access personal data (those who have watched Snowden know this), but by law they need to have a good reason and get a warrant from a judge. The reason given by the Kenyan government is to track counterfeit devices. This raises suspicion. What exactly does the government want to do with the data? Why are they not being honest about it? (Yeah, I know the irony of expecting the government to be honest).

The government would claim that the move is to ensure the safety and security of its citizens, but at the expense of their privacy. I am not against the government accessing my personal communication data, before you rush down to the comments section to curse at me, I am against the idea that they want to bring in a third-party into the equation – which creates a lot of loopholes for private data to end up in the wrong hands.

If the government really wants to protect the citizens, why not pass the draft Data Protection Bill, and then sit down with Telcos and come up with a framework that the government can use to get access to the said data, only and only, when necessary and following the correct legal procedure. Additionally, monitoring social media is one thing (since whatever you post there is already in the public domain), but listening in on calls and reading text messages without probable cause is going a bit too far.

Anyway, these are just my thoughts and I would very much like to know what you think. Should the government be given direct access to your personal communications data?

UPDATE:

The Communications Authority of Kenya has released a press statement dismissing the claims that the new Device Management System (DMS) is meant to track personal information. The agency clarifies that, “the DMS is a comprehensive system that is not only able to manage entry of devices into the country but equally prevent access of illegal communication devices to mobile telecommunications services. The DMS will be populated by data of all genuine devices (a whitelist), to uniquely identify each device.” The press release goes ahead and states that, “…the system is deployed in a manner that facilitates mobile network operators to make reference to the database of all genuine devices (a whitelist) to solely verify the status of the phone device before providing service to the user. This is contrary to reports that the system will be extracting subscriber data for use by third parties.”